CVE-2016-3957
Published
CVSS v3
N/A
CVSS v2
7.5
HIGH
Affected
1
PROJECT
Description
The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key.
Free and open source full-stack enterprise framework for agile development of secure database-driven web-based applications, written and programmable in Python.
GitHub